Senior/Staff Security Engineer, Threat Intelligence at Anthropic

Hybrid - Zürich, CH

Apply
More jobs at Anthropic

Anthropic sits at the frontier of AI development, making it an attractive target for nation‑state and advanced criminal actors. The Threat Intelligence function within the Detection & Response team ensures we anticipate and mitigate such threats. In this hands‑on role, the engineer will produce actionable intelligence that informs detections, hunts, and defensive priorities, building tooling and pipelines that convert raw indicators into operational defenses while collaborating closely with detection engineers and incident responders. The role offers the opportunity to shape how threat intelligence is collected, analyzed, and operationalized at Anthropic.

Requirements

Skills

  • Have hands‑on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
  • Have deep, demonstrable knowledge of specific nation‑state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
  • Are a strong engineer: you write production‑quality Python (or similar), have built automation and data pipelines, and can build the tooling you need end‑to‑end
  • Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings
  • Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM‑native queries) and understand what makes a detection durable vs. brittle
  • Can write clearly and concisely — your intelligence products are read and acted on, not filed away
  • Have an existing network in the threat intelligence community and experience sharing intelligence productively in both directions
  • Have experience defending cloud‑native and research‑heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)
  • Have prior work in a threat intelligence role tracking sophisticated or state‑sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response
  • Have experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
  • Have public research, conference talks, or open‑source tooling contributions in the CTI space

Responsibilities

  • Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
  • Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
  • Develop and execute intelligence‑driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
  • Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
  • Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near‑real‑time
  • Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic's threat model
  • Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
  • Build and maintain external intelligence‑sharing relationships with peer companies, ISACs, and government partners

Technologies

PythonYARASigmaSnortSuricataSIEM-native queriespassive DNScertificate pivotingnetflowAWSGCPKubernetesML infrastructureLLMsAI tooling

See if your resume is ready for this job

See how our AI can optimize your resume and improve your chances for this role.